| With the rapid development of the Internet, the problem of network security is outstanding increasingly. VPN technology provides an overall solution to this problem.Our goal is to finish a product prototype with full functions.The management module is an very important functional modules of aVPN system.Among this,SPD and CA are the most important.A SPD entry defines the following things:the communication to protect,how to protect and with whom to share this protection.Every packet must check the SPD to provide possible security application before it gets in or gets out the IP stack.A SPD entry may define the following several actions: discard,bypass and apply.The main function of CA is authentication.When two users want to communicate using VPN and need to authenticate,anyone should provideits certificate to the other.If the two certificate are signed by the same CA,they can trust with each other.This paper expatiates the theories of SPD and PKI CA,analyzes the OPENSSL library thoroughly and discuss the design and implementation of SPD and CA in the distributed VPN system.From the aspect of redundancy and efficiency,we design a relatively integrallty SPD system to which we can add,delete and edit SPD entry.Meanwhile,after wholly understanding the frame of CA and entirely analyzing OPENSSL, According to the practical situation of our system,we design and implement a relatively simple CA system by using the functions and encryption algorithms of OPENSSL.It can sign and revoke certificates of X509 format.It can also produce RSA secret keys for users.The testing results show that the distributed VPN system has good functions and that we have achieved our expectant goals. |
PDF Full Text Request